CVE-2019-12416

Summary

we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.

Affected Software

VendorProductVersion RangeStatus
n/aApache DeltaSpikeApache DeltaSpike up to including 1.9.2affected

Weaknesses

  • JavaScript Injection

ADP Enrichment

CVE Program Container

Additional References

References